SUSE-SU-2018:0974-1: moderate: Security update for erlang
sle-security-updates at lists.suse.com
Wed Apr 18 04:13:41 MDT 2018
SUSE Security Update: Security update for erlang
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0974-1
Rating: moderate
References: #1070960
Cross-References: CVE-2017-1000385
Affected Products:
SUSE OpenStack Cloud 7
SUSE Enterprise Storage 4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for erlang fixes the following security issue:
- CVE-2017-1000385: An Erlang TLS server configured with cipher suites
using RSA key exchange may be vulnerable to an adaptive chosen-ciphertext
attack (also known as a Bleichenbacher attack) against RSA which, when
exploited, may result in plaintext recovery of encrypted messages and/or
a man-in-the-middle (MiTM) attack, despite the attacker not having
gained access to the server's private key itself. (bsc#1070960)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2018-652=1
- SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2018-652=1
Package List:
- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
    erlang-17.5.6-3.3.1
    erlang-debuginfo-17.5.6-3.3.1
    erlang-debugsource-17.5.6-3.3.1
    erlang-epmd-17.5.6-3.3.1
    erlang-epmd-debuginfo-17.5.6-3.3.1
- SUSE Enterprise Storage 4 (aarch64 x86_64):
    erlang-17.5.6-3.3.1
    erlang-debuginfo-17.5.6-3.3.1
    erlang-debugsource-17.5.6-3.3.1
    erlang-epmd-17.5.6-3.3.1
    erlang-epmd-debuginfo-17.5.6-3.3.1
References:
https://www.suse.com/security/cve/CVE-2017-1000385.html
https://bugzilla.suse.com/1070960
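
To confirm that the update reached a host, the following added example (not part of the SUSE advisory) compares installed package versions against the 17.5.6-3.3.1 release given in the Package List. The function names, the sample inventory and the use of `sort -V` as a stand-in for RPM version ordering are assumptions.

```shell
#!/bin/sh
# Added example: flag packages from this advisory that are still older than
# the version-release shown in the Package List.
FIXED="17.5.6-3.3.1"

# ver_lt A B: succeeds when version A sorts strictly before version B.
# Assumption: `sort -V` ordering approximates RPM version comparison; the two
# agree for plain numeric version-release strings such as the ones used here.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_packages: reads "name version-release" lines on stdin and prints
# the names of advisory packages whose version is older than $FIXED.
# On a real host the input would come from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
unpatched_packages() {
    while read -r name vr; do
        case "$name" in
            erlang|erlang-epmd|erlang-debuginfo|erlang-debugsource|erlang-epmd-debuginfo) ;;
            *) continue ;;   # not a package named in this advisory
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample inventory (not real host data): two packages below the
# fixed release, one already updated, one unrelated package.
sample_inventory() {
    cat <<'EOF'
erlang 17.5.6-1.1
erlang-epmd 17.5.6-3.3.1
erlang-debuginfo 17.5.6-1.1
bash 4.3-83.5.2
EOF
}

sample_inventory | unpatched_packages
```

A printed name means that package is below the advisory's release; services already running on the Erlang VM keep the old code loaded until they are restarted.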